[
https://issues.apache.org/jira/browse/OAK-3886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15101099#comment-15101099
]
Alexander Klimetschek commented on OAK-3886:
--------------------------------------------
This could be added in a non-breaking, opt-in way by adding a new interface:
{code}
public interface CustomCredentialsIdentityProvider extends
ExternalIdentityProvider {
Set<Class> getSupportedCredentials();
}
{code}
and then changing ExternalLoginModule.getSupportedCredentials() to this:
{code}
protected Set<Class> getSupportedCredentials() {
if (idp instanceof CustomCredentialsIdentityProvider) {
return ((CustomCredentialsIdentityProvider)
idp).getSupportedCredentials();
} else {
Class scClass = Credentials.class;
return Collections.singleton(scClass);
}
}
{code}
I quickly tested something like this successfully. The ExternalLoginModule
otherwise has no requirement that it's a SimpleCredentials. Only
createAuthInfo() does an {{instanceof SimpleCredentials}}, but that looks very
optional.
> Support custom Credentials in external identity providers
> ---------------------------------------------------------
>
> Key: OAK-3886
> URL: https://issues.apache.org/jira/browse/OAK-3886
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: auth-external
> Reporter: Alexander Klimetschek
>
> Currently, the ExternalLoginModule [only supports
> SimpleCredentials|https://github.com/apache/jackrabbit-oak/blob/cc78f6fdd122d1c9f200b43fc2b9536518ea996b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java#L415-L419].
> As the TODO says, it would be good to allow the ExternalIdentityProvider
> specify the supported types, in case they have custom authentication schemes
> that don't fit the username + password pattern of the SimpleCredentials.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
